End user nonmalicious, counterproductive computer security behaviors: concept, development, and validation of an instrument

Employees' engagement in nonmalicious, counterproductive computer security behaviors (CCSB) poses a threat to organizations' information systems (IS) resources and assets. In order to understand CCSB, there is a need to propose theoretical foundations to research the phenomenon and to offer useful tools to help organizations assess such behaviors in their particular contexts. Relevant instruments that systematically measure or assess workers' participation in CCSB remain underdeveloped. This study proposes an instrument to assess engagement in CCSB. Confirmatory factor analysis confirmed three subscales of CCSB, that is, “careless use of IS resources,” “procrastinating carrying out required IS actions,” and “improper use of IS resources.” The instrument's relevance to research and practice is discussed and directions for future research are outlined.

[1]  J. Nunnally,et al.  Psychometric Theory , 2020, Encyclopedia of Behavioral Medicine.

[2]  France Bélanger,et al.  Determinants of early conformance with information security policies , 2017, Inf. Manag..

[3]  JinYoung Han,et al.  An integrative model of information security policy compliance with psychological contract: Examining a bilateral perspective , 2017, Comput. Secur..

[4]  Karin Hedström,et al.  Towards analysing the rationale of information security non-compliance: Devising a Value-Based Compliance analysis method , 2017, J. Strateg. Inf. Syst..

[5]  Efosa C. Idemudia,et al.  Factors Influencing Employees' Participation in Non-Malicious, Information Systems Security Deviant Behavior: Focus on Formal Control Mechanisms and Sanctions , 2017, AMCIS.

[6]  Diana Adler,et al.  Using Multivariate Statistics , 2016 .

[7]  Serge Egelman,et al.  Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS) , 2015, CHI.

[8]  Nico Martins,et al.  Improving the information security culture through monitoring and implementation actions illustrated through a case study , 2015, Comput. Secur..

[9]  Merrill Warkentin,et al.  An Enhanced Fear Appeal Rhetorical Framework: Leveraging Threats to the Human Asset Through Sanctioning Rhetoric , 2015, MIS Q..

[10]  Princely Ifinedo,et al.  Effects of Organizational Citizenship Behavior and Social Cognitive Factors on Employees' Non-Malicious Counterproductive Computer Security Behaviors: An Empirical Analysis , 2015, CONF-IRM.

[11]  Patrick Y. K. Chau,et al.  Development and validation of instruments of information security deviant behavior , 2014, Decis. Support Syst..

[12]  Princely Ifinedo,et al.  Social Cognitive Determinants of non-Malicious, counterproductive Computer Security Behaviors (Ccsb): an Empirical Analysis , 2014, MCIS.

[13]  Princely Ifinedo,et al.  SOCIAL-COGNITIVE MECHANISMS AND COUNTERPRODUCTIVE COMPUTER SECURITY BEHAVIORS (CCSB): AN ANALYSIS OF LINKS , 2014 .

[14]  Ned Kock,et al.  Advanced Mediating Effects Tests, Multi-Group Analyses, and Measurement Model Assessments in PLS-Based SEM , 2014, Int. J. e Collab..

[15]  Zhen Shen,et al.  The effects and moderators of cyber-loafing controls: an empirical study of Chinese public servants , 2013, Information Technology and Management.

[16]  Mikko T. Siponen,et al.  Using the theory of interpersonal behavior to explain non-work-related personal use of the Internet at work , 2013, Inf. Manag..

[17]  Shahriar Akter,et al.  Development and validation of an instrument to measure user perceived service quality of mHealth , 2013, Inf. Manag..

[18]  Paul Benjamin Lowry,et al.  Using Accountability to Reduce Access Policy Violations in Information Systems , 2013, J. Manag. Inf. Syst..

[19]  Merrill Warkentin,et al.  Beyond Deterrence: An Expanded View of Employee Computer Abuse , 2013, MIS Q..

[20]  Ken H. Guo Security-related behavior in using information systems in the workplace: A review and synthesis , 2013, Comput. Secur..

[21]  Qing Hu,et al.  Future directions for behavioral information security research , 2013, Comput. Secur..

[22]  Gurpreet Dhillon,et al.  Organizational power and information security rule compliance , 2011, Comput. Secur..

[23]  Mikko T. Siponen,et al.  Motivating IS security compliance: Insights from Habit and Protection Motivation Theory , 2012, Inf. Manag..

[24]  Eugene Santos,et al.  Intelligence Analyses and the Insider Threat , 2012, IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans.

[25]  Jai-Yeol Son,et al.  Out of fear or desire? Toward a better understanding of employees' motivation to follow IS security policies , 2011, Inf. Manag..

[26]  Catherine E. Connelly,et al.  Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model , 2011, J. Manag. Inf. Syst..

[27]  Detmar W. Straub,et al.  Moving toward black hat research in information systems security: an editorial introduction to the special issue , 2010 .

[28]  Terrance Weatherbee Counterproductive use of technology at work: Information & communications technologies and cyberdeviancy , 2010 .

[29]  Rathindra Sarathy,et al.  Understanding compliance with internet use policy from the perspective of rational choice theory , 2010, Decis. Support Syst..

[30]  Paul E. Spector,et al.  Counterproductive Work Behavior and Organisational Citizenship Behavior: Are They Opposite Forms of Active Behavior? , 2010 .

[31]  H. Raghav Rao,et al.  Protection motivation and deterrence: a framework for security policy compliance in organisations , 2009, Eur. J. Inf. Syst..

[32]  Xianggui Qu,et al.  Multivariate Data Analysis , 2007, Technometrics.

[33]  Piers Steel The nature of procrastination: a meta-analytic and theoretical review of quintessential self-regulatory failure. , 2007, Psychological bulletin.

[34]  Paul R. Sackett,et al.  Citizenship and Counterproductive Behavior: Clarifying Relations Between the Two Domains , 2006 .

[35]  Pablo Zoghbi Manrique de Lara,et al.  Fear in organizations: Does intimidation by formal punishment mediate the relationship between interactional justice and workplace internet deviance? , 2006 .

[36]  Paul E. Spector,et al.  The dimensionality of counterproductivity: Are all counterproductive behaviors created equal? , 2006 .

[37]  Timothy Paul Cronan,et al.  Piracy, computer crime, and IS misuse at the university , 2006, Commun. ACM.

[38]  Simson L. Garfinkel,et al.  AFF: a new format for storing hard drive images , 2006, CACM.

[39]  E. Eugene Schultz,et al.  The human factor in security , 2005, Comput. Secur..

[40]  Jin Nam Choi,et al.  Rethinking Procrastination: Positive Effects of "Active" Procrastination Behavior on Attitudes and Performance , 2005, The Journal of social psychology.

[41]  Jeffrey M. Stanton,et al.  Analysis of end user security behaviors , 2005, Comput. Secur..

[42]  Detmar W. Straub,et al.  A Practical Guide To Factorial Validity Using PLS-Graph: Tutorial And Annotated Example , 2005, Commun. Assoc. Inf. Syst..

[43]  Jan Guynes Clark,et al.  Why there aren't more information security research studies , 2004, Inf. Manag..

[44]  R. P. McDonald,et al.  Principles and practice in reporting structural equation analyses. , 2002, Psychological methods.

[45]  June Woo Kim,et al.  Global Cities and Developmental States: New York, Tokyo and Seoul , 2000 .

[46]  R. Bennett,et al.  Development of a measure of workplace deviance. , 2000, The Journal of applied psychology.

[47]  Siegfried Dewitte,et al.  Procrastinators lack a broad action perspective , 2000 .

[48]  P. Bentler,et al.  Cutoff criteria for fit indexes in covariance structure analysis : Conventional criteria versus new alternatives , 1999 .

[49]  R. Bennett,et al.  A TYPOLOGY OF DEVIANT WORKPLACE BEHAVIORS: A MULTIDIMENSIONAL SCALING STUDY , 1995 .

[50]  Houston H. Carr,et al.  Threats to Information Systems: Today's Reality, Yesterday's Understanding , 1992, MIS Q..

[51]  Robert F. DeVellis,et al.  Scale Development: Theory and Applications. , 1992 .

[52]  Delroy L. Paulhus,et al.  Enhancement and Denial in Socially Desirable Responding , 1991 .

[53]  James C. Anderson,et al.  STRUCTURAL EQUATION MODELING IN PRACTICE: A REVIEW AND RECOMMENDED TWO-STEP APPROACH , 1988 .

[54]  R. MacCallum,et al.  THE APPLICATION OF EXPLORATORY FACTOR ANALYSIS IN APPLIED PSYCHOLOGY: A CRITICAL REVIEW AND ANALYSIS , 1986 .

[55]  D. C. Feldman,et al.  The Development and Enforcement of Group Norms , 1984 .

[56]  C. Fornell,et al.  Evaluating Structural Equation Models with Unobservable Variables and Measurement Error , 1981 .

[57]  Gilbert A. Churchill A Paradigm for Developing Better Measures of Marketing Constructs , 1979 .